Re: Join 2003 Server to Domain over Checkpoint VPN




Hi Anthony

When we use any resource on the home network, the XP machines get prompted
for a domain login.

Does 2003 use a directed broadcast to find a DC, or does it use DNS to
locate a DC record? I'm wondering if this is a fragmentation problem on the
VPN. Will do a network capture and let you know.

Richard



"Anthony [MVP]" wrote:

OK, all we know at the moment is that the server can not connect to the DC.
We need to a) see whether the VPN is working correctly and b) see whether
the server is configured correctly.

-----VPN-----
Is all traffic allowed, or is it filtered?
Do the XP workstations have any similar errors?
Can you do domain operations between the workstations and the DC, like
Manage the computer, remote registry etc.?
Can you copy a large file successfully over the VPN?

-------Server Config-------
Is the DNS set up correctly?
Can you ping "dt" and "dt.com"?
Did it join the domain successfully (is it a Ghosted image or is that just a
coincidence?)?
What error do you get if, from the server, you try to "Manage" the DC or
bring up an Active Directory mmc to connect to the DC? and vice versa?
What OS and Service Pack? If W2K3 SP2, is it this:
http://support.microsoft.com/kb/936594/en-us

Hope that helps,
Anthony
http://www.airdesk.co.uk



"Rich@DT" <RichDT@xxxxxxxxxxxxxxxxxxxxxxxxx> wrote in message
news:7CBAC8B2-9074-4AFC-A024-176315527BB6@xxxxxxxxxxxxxxxx
Hi Anthony,

It's a site-to-site VPN, with existing XP clients, apparently joined to the
domain prior to site delivery. Here are a few example logs from the 2003
Server:

Event Type: Error
Event Source: Userenv
Event Category: None
Event ID: 1053
Date: 02/04/2008
Time: 14:46:58
User: NT AUTHORITY\SYSTEM
Computer: GHOSTPARIS
Description:
Windows cannot determine the user or computer name. (The specified domain
either does not exist or could not be contacted. ). Group Policy processing
aborted.

For more information, see Help and Support Center at
http://go.microsoft.com/fwlink/events.asp.

Event Type: Warning
Event Source: W32Time
Event Category: None
Event ID: 18
Date: 02/04/2008
Time: 15:06:08
User: N/A
Computer: GHOSTPARIS
Description:
The time provider NtpClient failed to establish a trust relationship between
this computer and the dt.net domain in order to securely synchronize time.
NtpClient will try again in 30 minutes. The error was: The trust relationship
between this workstation and the primary domain failed. (0x800706FD)

For more information, see Help and Support Center at
http://go.microsoft.com/fwlink/events.asp.

Event Type: Error
Event Source: NETLOGON
Event Category: None
Event ID: 5719
Date: 02/04/2008
Time: 14:28:50
User: N/A
Computer: GHOSTPARIS
Description:
This computer was not able to set up a secure session with a domain
controller in domain DT due to the following:
Not enough storage is available to process this command.
This may lead to authentication problems. Make sure that this computer is
connected to the network. If the problem persists, please contact your domain
administrator.

ADDITIONAL INFO
If this computer is a domain controller for the specified domain, it sets up
the secure session to the primary domain controller emulator in the specified
domain. Otherwise, this computer sets up the secure session to any domain
controller in the specified domain.

For more information, see Help and Support Center at
http://go.microsoft.com/fwlink/events.asp.
Data:
0000: 17 00 00 c0 ...À


Best regards
Richard





"Anthony [MVP]" wrote:

Hi Richard,
You have two Checkpoint firewalls making a site to site VPN? Is all traffic
allowed over the VPN? Do you already have clients at the branch that are
connected, or is this the first connection? What exactly is the error you
get? Are you able fully to manage the unjoined server remotely, or does
anything fail?
Anthony,
http://www.airdesk.co.uk


"Rich@DT" <RichDT@xxxxxxxxxxxxxxxxxxxxxxxxx> wrote in message
news:FB668867-66D2-48E3-AF7A-429B91BFCE90@xxxxxxxxxxxxxxxx
Hi

I have installed a 2003 Server in a branch office, unfortunately I am not
able to join it to domain. I have reviewed many articles, but can not find
any work-arounds?

Any help very much appreciated

Richard
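
Added example (not part of the original posts): a small Python parser for event text pasted in the form shown in this thread, which decodes the NETLOGON 5719 "Data" bytes as a little-endian NTSTATUS and splits the W32Time HRESULT into facility and Win32 code. The sample text is trimmed from the events quoted above; the function names and the two-entry name table are assumptions of this example.

```python
import re
import struct

# Event text trimmed from the entries quoted in this thread.
SAMPLE = """\
Event Type: Warning
Event Source: W32Time
Event ID: 18
Description:
The trust relationship between this workstation and the primary domain failed. (0x800706FD)

Event Type: Error
Event Source: NETLOGON
Event ID: 5719
Description:
Not enough storage is available to process this command.
Data:
0000: 17 00 00 c0 ...
"""

# Only the two codes that occur in the thread (symbolic names from the Windows SDK).
KNOWN = {0xC0000017: "STATUS_NO_MEMORY", 1789: "ERROR_TRUSTED_RELATIONSHIP_FAILURE"}

def decode_hresult(value):
    """Split an HRESULT into (failure bit, facility, 16-bit code)."""
    return bool(value >> 31), (value >> 16) & 0x1FFF, value & 0xFFFF

def parse_events(text):
    """Return one dict per 'Event Type:' record, with status codes decoded."""
    events = []
    for block in re.split(r"(?m)^(?=Event Type:)", text):
        if not block.strip():
            continue
        ev = dict(re.findall(r"(?m)^(Event \w+):\s*(.+)$", block))
        # Data dump line: offset, then hex bytes; first DWORD is little-endian.
        data = re.search(r"(?m)^0000:((?:\s[0-9a-fA-F]{2}){4})", block)
        if data:
            raw = bytes.fromhex(data.group(1).replace(" ", ""))
            ev["ntstatus"] = struct.unpack("<I", raw)[0]
            ev["name"] = KNOWN.get(ev["ntstatus"])
        hres = re.search(r"\(0x([0-9A-Fa-f]{8})\)", block)
        if hres:
            _failed, facility, code = decode_hresult(int(hres.group(1), 16))
            if facility == 7:  # FACILITY_WIN32: low word is a Win32 error code
                ev["win32"] = code
                ev["name"] = KNOWN.get(code)
        events.append(ev)
    return events

if __name__ == "__main__":
    for ev in parse_events(SAMPLE):
        print(ev)
```

Read this way, the 5719 data bytes `17 00 00 c0` are 0xC0000017, matching the "Not enough storage" text, and 0x800706FD is Win32 error 1789, the broken trust relationship reported by W32Time.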





